Merge Pollion cherry pick

certbot_on_virtu
_shirenn 2020-08-07 12:59:56 +02:00
parent 7d8131555f
commit dc17f75f90
6 changed files with 68 additions and 121 deletions


@ -3,80 +3,26 @@
dhcp:
authoritative: True
global_options:
- { key: "interface-mtu", value: "1496" }
- { key: "interface-mtu", value: "1500" }
global_parameters: []
subnets:
- network: "10.51.0.0/16"
deny_unknown: False
vlan: "accueil"
- network: "100.64.0.0/16"
deny_unknown: True
vlan: "adh-nat"
default_lease_time: "600"
max_lease_time: "7200"
routers: "10.51.0.10"
dns: ["10.51.0.152", "10.51.0.4"]
domain_name: "accueil.crans.org"
domain_search: "accueil.crans.org"
options:
- { key: "time-servers", value: "10.51.0.10" }
- { key: "ntp-servers", value: "10.51.0.10" }
- { key: "ip-forwarding", value: "off" }
range: ["10.51.1.0", "10.51.255.255"]
routers: "100.64.0.99"
dns: ["100.64.0.101", "100.64.0.102"]
domain_name: "adh-nat.crans.org"
domain_search: "adh-nat.crans.org"
options: []
lease_file: "/tmp/dhcp.list"
- network: "10.231.148.0/24"
deny_unknown: False
vlan: "bornes"
default_lease_time: "8600"
routers: "10.231.148.254"
dns: ["10.231.148.152", "10.231.148.4"]
domain_name: "borne.crans.org"
domain_search: "borne.crans.org"
options:
- { key: "time-servers", value: "10.231.148.98" }
- { key: "ntp-servers", value: "10.231.148.98" }
- { key: "ip-forwarding", value: "off" }
lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.borne.crans.org.list"
re2o:
server: re2o.adm.crans.org
service_user: "ploptotoisverysecure"
service_password: "ploptotoisverysecure"
dhcp:
uri: "/tmp/re2o-dhcp.git"
- network: "185.230.78.0/24"
deny_unknown: True
vlan: "fil_pub"
default_lease_time: "86400"
routers: "185.230.78.254"
dns: ["185.230.78.152", "185.230.78.4"]
domain_name: "adh.crans.org"
domain_search: "adh.crans.org"
options:
- { key: "time-servers", value: "185.230.79.98" }
- { key: "ntp-servers", value: "185.230.79.98" }
- { key: "ip-forwarding", value: "off" }
- { key: "smtp-server", value: "185.230.79.39" }
lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list"
- network: "10.54.0.0/19"
deny_unknown: True
vlan: "fil_new"
default_lease_time: "86400"
routers: "10.54.0.254"
dns: ["10.54.0.152", "10.54.0.4"]
domain_name: "fil.crans.org"
domain_search: "fil.crans.org"
options:
- { key: "time-servers", value: "185.230.79.98" }
- { key: "ntp-servers", value: "185.230.79.98" }
- { key: "ip-forwarding", value: "off" }
- { key: "smtp-server", value: "185.230.79.39" }
lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.fil.crans.org.list"
- network: "10.53.0.0/19"
deny_unknown: False # For Federez
vlan: "wifi_new"
default_lease_time: "86400"
routers: "10.53.0.254"
dns: ["10.53.0.152", "10.53.0.4"]
domain_name: "wifi.crans.org"
domain_search: "wifi.crans.org"
options:
- { key: "time-servers", value: "185.230.79.98" }
- { key: "ntp-servers", value: "185.230.79.98" }
- { key: "ip-forwarding", value: "off" }
- { key: "smtp-server", value: "185.230.79.39" }
lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.wifi.crans.org.list"
range: ["10.53.21.0", "10.53.25.254"]
mail_server: smtp.new-infra.adm.crans.org
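Review bot: `service_user` and `service_password` under `re2o:` are committed as the same literal string, while the keepalived vars in this commit reference the vault. The page does not mark which side each line is on; the hunk counts (80 old lines, 26 new) are consistent with the `adh-nat` subnet and the `re2o:` block being the new content, so this assumes they are. I would reference the vault here as well, e.g. `service_password: "{{ vault_re2o_service_password }}"` (variable name is a placeholder), and rotate the credential if the literal value was ever valid on a real re2o instance. Separately, `lease_file: "/tmp/dhcp.list"` and `uri: "/tmp/re2o-dhcp.git"` sit in a world-writable directory, so any local account can pre-create or replace them. Since the `uri` is what the clone task checks out, a root-owned path such as `/var/local/...` is safer even on a test host.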


@ -1,52 +1,11 @@
---
keepalived:
radius:
password: "{{ vault_keepalived_radius_password }}"
id: 52
ipv6: yes
zones:
- vlan: adm
ipv4: 10.231.136.11/24
brd: 10.231.136.255
ipv6: 2a0c:700:0:2:ad:adff:fef0:f002/64
- vlan: bornes
ipv4: 10.231.148.11/24
brd: 10.231.148.255
ipv6: fd01:240:fe3d:3:ad:adff:fef0:f003/64
- vlan: switches
ipv4: 10.231.100.11/24
brd: 10.231.100.255
ipv6: fd01:240:fe3d:c804:ad:adff:fef0:f004/64
router:
password: "{{ vault_keepalived_router_password }}"
id: 53
dhcp:
password: "plopisverysecure"
id: 60
ipv6: no
zones:
- vlan: adm
ipv4: 10.231.136.254/24
brd: 10.231.136.255
- vlan: fil_pub
ipv4: 185.230.78.254/24
brd: 185.230.78.255
- vlan: srv
ipv4: 185.230.79.254/24
brd: 185.230.79.255
- vlan: fil_new # Nat filaire
ipv4: 10.54.0.254/16
brd: 10.54.255.255
- vlan: wifi_new
ipv4: 10.53.0.254/16
brd: 10.53.255.255
- vlan: zayo
ipv4: 158.255.113.73/31
proxy:
password: "{{ vault_keepalived_proxy_password }}"
id: 51
ipv6: yes
zones:
- vlan: srv
ipv4: 185.230.79.194/32
brd: 185.230.79.255
ipv6: 2a0c:700:0:24:ba:ccff:feda:aa00/64
- vlan: adh-nat
ipv4: 100.64.0.99/16
brd: 100.64.255.255
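Review bot: The `dhcp:` instance carries `password: "plopisverysecure"` as a literal, whereas `radius`, `router` and `proxy` all use `"{{ vault_keepalived_*_password }}"`. Line sides are not marked on this page, so this assumes the `dhcp:` block is on the new side. I would follow the same pattern, `password: "{{ vault_keepalived_dhcp_password }}"` (variable name is a placeholder), so the VRRP secret stays out of the repository history. If the role renders this into keepalived's `auth_pass` with simple password authentication (not visible here), note that only the first eight characters are used and the value crosses the VLAN in cleartext, so it should not be shared with any other secret. As a style point, `ipv6: no` is better written `ipv6: false`.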


@ -0,0 +1,15 @@
---
interfaces:
adm: ens18
srv: ens19
srv-nat: ens20
infra: ens21
adh: ens22
adh-nat: ens23
keepalived_instances:
- name: dhcp
tag: VI_DHCP
state: BACKUP
priority: 100


@ -0,0 +1,15 @@
---
interfaces:
adm: ens18
srv: ens19
srv-nat: ens20
infra: ens21
adh: ens22
adh-nat: ens23
keepalived_instances:
- name: dhcp
tag: VI_DHCP
state: MASTER
priority: 150

14
hosts

@ -36,8 +36,18 @@ sam.adm.crans.org
daniel.adm.crans.org
jack.adm.crans.org
[crans_routeurs]
routeur-daniel
[keepalived]
routeur-sam.adm.crans.org
routeur-daniel.adm.crans.org
[dhcp]
routeur-sam.adm.crans.org
routeur-daniel.adm.crans.org
[crans_routeurs:children]
dhcp
keepalived
[crans_physical]
tealc.adm.crans.org


@ -15,10 +15,11 @@
etype: group
permissions: rwx
state: query
when: not ansible_check_mode
- name: Clone re2o-dhcp repository
git:
repo: 'http://gitlab.adm.crans.org/nounous/re2o-dhcp.git'
repo: "{{ re2o.dhcp.uri }}"
dest: /var/local/re2o-services/dhcp
version: crans
umask: '002'
@ -30,6 +31,7 @@
owner: root
group: root
state: link
force: yes
- name: Create generated directory
file:
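Review bot: In the first hunk, the "Clone re2o-dhcp repository" task now appears to take its source from `repo: "{{ re2o.dhcp.uri }}"` (the templated line is assumed to be the new side). Nothing constrains what that variable may point to, and `version: crans` tracks a branch, not a fixed revision. Whatever the inventory supplies is checked out into `/var/local/re2o-services/dhcp`, and the group vars visible in this commit set it to a path under `/tmp`. I would pin `version` to a full commit hash. I would also put an `assert` task before the clone that rejects URIs which are not `https://` or `ssh://` to the expected GitLab host, so a mis-set or locally writable source cannot feed code to the DHCP service. The `umask: '002'` line leaves the checkout group-writable, so it is worth confirming that group membership is limited to accounts allowed to change what the service runs. In the second hunk, `force: yes` is better written `force: true`. The task bodies start and end outside both hunks.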